Lucene search
K

527 matches found

CVE
CVE
added 2 days ago12 views

CVE-2026-15605

The vulnerability CVE-2026-15605 affects wandb 0.25.2.dev1, specifically the ArtifactManifestEntry.download path in wandb/sdk/lib/hashutil.py under Artifact Integrity Validation. The issue is described as the use of a weak hash due to manipulating the ArtifactManifestEntry.download, with the atta...

3.1CVSS5.5AI score0.00151EPSS
Exploits0References7
CVE
CVE
added 5 days ago9 views

CVE-2026-41878

Vulnerability (CVE-2026-41878) in R-SOFT DMS: Insecure Direct Object Reference (IDOR) affecting multiple file download endpoints. The app fetches files from the database by ID and serves them to any request, relying solely on session authentication, enabling a valid user to access any file. Repor...

7.1CVSS6.1AI score0.0047EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-54652

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/service endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and...

8.1CVSS0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 1:16 a.m.5 views

DEBIAN-CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

5.4CVSS6AI score0.00241EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:23 p.m.5 views

CVE-2026-53729

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download /exportCenter/download/id, delete /exportCenter/delete, retry /exportCenter/retry/id, or generate download links /exportCenter/generateDownloadUri/id for export tasks belonging t...

8.7CVSS5.9AI score0.00391EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/07/07 5:29 p.m.32 views

CVE-2026-48948 Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

6.4CVSS0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.12 views

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7CVSS5.9AI score0.00638EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/30 2:55 p.m.18 views

EUVD-2018-21930

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7CVSS5.9AI score0.00638EPSS
Exploits0References4
NVD
NVD
added 2026/05/29 4:16 p.m.15 views

CVE-2018-25393

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...

7.1CVSS0.00565EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 12:9 p.m.31 views

CVE-2026-9508

The CVE-2026-9508 issue affects Suprema BioStar 2, versions 2.9.3–2.9.11, where incorrect permission settings on a critical resource allow backup ZIP files to be publicly exposed when an admin configures the NGINX webroot path. An attacker with network access can directly download backups via htt...

10CVSS5.8AI score0.00341EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/20 5:45 a.m.140 views

Exploit for Download of Code Without Integrity Check in Gin-Gonic Gin

gin-vulnerable Demo consumer pinned to github.c...

4.3CVSS6.1AI score0.00486EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2026/05/11 7:40 p.m.12 views

MantisBT Vulnerable to Stored XSS in File Download

Using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. Impact Cross-site scripting Patches - 26647b2e68ba30b9d7987d4e03d7a16416684bc2 Workarounds None...

7.5CVSS6AI score0.00349EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/04/29 7:24 p.m.10 views

CVE-2018-25312

CVE-2018-25312 affects LifeSize ClearSea 3.1.4. The vulnerability is a directory traversal in the smartgui interface that, when combined with uploading and manipulating path parameters, allows an authenticated attacker with network access to write files to arbitrary locations and potentially achi...

7.1CVSS6AI score0.00933EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 had code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the market plugin download function. This could allow remote...

7.6CVSS6AI score0.00223EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/20 11:8 p.m.2 views

CVE-2026-41302

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

7.6CVSS5.9AI score0.00223EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.14 views

PT-2026-33869

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

7.6CVSS5.9AI score0.00223EPSS
Exploits0References4
NVD
NVD
added 2026/04/15 7:16 p.m.6 views

CVE-2026-34242

Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17...

7.7CVSS0.00465EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/05 12:30 a.m.30 views

CVE-2026-5530 Ollama Model Pull API download.go server-side request forgery

A flaw has been found in Ollama up to 0.18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this...

6.5CVSS0.00297EPSS
Exploits2References4
EUVD
EUVD
added 2026/04/01 3:31 p.m.6 views

EUVD-2026-17877

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...

8.7CVSS6.5AI score0.00608EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/06 4:32 a.m.5 views

EUVD-2026-9989

Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source directory, which can result in sensitive system...

8.6CVSS5.8AI score0.00436EPSS
Exploits1References2
Rows per page
Query Builder